Static Analysis


Top Stories

Any large Java source base can have insidious and subtle bugs. Every experienced Java programmer knows that finding and fixing these bugs can be difficult and costly. Fortunately, there are a large number of free open source Java tools available that can be used to find and fix defects early in the development life cycle. In this article, we’ll look at a few examples of specific uncommon or unusual defects that can happen in code and see how different Java static analysis tools detect them.

Testing

As software gets more complex and ubiquitous, it becomes more difficult to ensure high-quality code. One common method of finding bugs is testing. But testing can’t cover all paths and possibilities or enforce good programming practices. Expert knowledge in the form of manual code review by peers is one of the best ways to ensure good code quality. Code revie... (more)

The Paradox of Writing Perfect Code

Don't you love looking at a good piece of code? I'm talking about the kind of code where the design is so sound that the code practically wrote itself, where there were no nasty surprises at implementation, where it was 100% feature complete and bug-free, and you didn't have to patch it up a bunch of times. Maybe I'm squarely in the land of Santa Claus and the Easter Bunny, but I believe, deep down, all developers want to write that perfect piece of code. Unfortunately, real life has other ideas. Deadlines, unclear or conflicting requirements, ridiculous scope, being human - all these things keep us from the promised land of perfect code. But here's the rub: though it may be satisfying to dream about, it's likely that you'll never produce truly perfect code for real-world applications. You'll sit down to write a piece of code, you'll do the best you can, taking int... (more)

Java development tool Jtest ported to Linux

Testing is a fundamental component of the software development process -- or at least it should be. As a developer, I know firsthand how difficult it can be to discipline oneself to test as you develop. Honestly, testing can be downright boring. To me, there's nothing more tedious than writing test cases, defining the expected outputs, debugging the test cases themselves, and then actually running the tests. When I look for a testing tool, I want one that melds with the nature of testing. Anything less will fail like a New Year's resolution; you'll stick with it for a while, but inevitably you'll revert to your old bad habits.

Pros and cons of Jtest

Pros

Excellent documentation, tutorials, and examples
Superior support for static analysis, white box, and black box testing
Can begin testing out of the box
Responsive GUI
Stubs and automatic testing features allow testing... (more)

Parasoft Jtest Integrates with Borland JBuilder 7.0 to Speed Application Development

(August 20, 2002) -- Parasoft has recently announced the integration of Jtest, an automated unit testing tool for Java, with JBuilder 7.0, the market leading Java development environment from Borland® Software Corporation. This allows JBuilder users to perform automated unit testing on their Java classes, reduce development time, and improve software quality. Jtest is the first development tool of its type to automate key unit testing practices such as white-box, black-box, and regression testing. It also performs static analysis to enforce over 300 industry-respected coding standards as well as user defined ones. As many businesses struggle to cut costs and keep up with changing technologies, IT managers and development teams face rising pressure to dramatically improve software quality and speed up production. Unit testing is one proven method of reducing softwar... (more)

New Parasoft Java Solution Debuts at JavaOne

(June 12, 2003) - This week at JavaOne, Parasoft introduced the Parasoft Java Solution, a complete package of automated tools, services, and the best practices needed to effectively prevent errors in Java applications. "We wanted to provide a comprehensive solution for improving software quality," said Adam Kolawa, Parasoft CEO. "The Parasoft Java Solution not only provides technically advanced tools to automate practices, but our services team guides development organizations through implementation and teaches them how to effectively prevent software errors within their current development process." Designed to support Automated Error Prevention (AEP) methodology, the Parasoft Java Solution improves how organizations build software by integrating error prevention and monitoring techniques into the full lifecycle of any Java development project. The Solution combi... (more)

SOA World - Exclusive Q&A with Dr Adam Kolawa, Co-founder & CEO of Parasoft

“Developers need to realize that Automated Defect Prevention benefits them," says Parasoft co-founder & CEO Dr Adam Kolawa in this Exclusive Q&A with SYS-CON Media's Java Developer's Journal. "But they won’t start recognizing this until they see that they have less work," Kolawa continues. The key to success, he adds, is to have an infrastructure handle as much work as possible. "This way, developers have time to focus on the creative tasks they enjoy most...the ones that truly require human intelligence."

“Developers need to realize that [ADP] benefits them. But they won’t start recognizing this until they see that they have less work.” -- Dr Adam Kolawa, Co-Founder & CEO of Parasoft

Dr Adam Kolawa is the coauthor of the recently published Automated Defect Prevention: Best Practices in Software Management (Wiley... (more)

AdaCore Releases GNAT Pro 7.2 for Android

AdaCore today announced the release of its latest Ada cross-development environment, GNAT Pro 7.2, for ARM Cortex processors running Android. This GNAT Pro product, hosted on Windows and Linux, comprises a complete Ada toolsuite for developing and maintaining Android applications using a mixture of Ada and Java. Developers can now exploit the software engineering benefits of the Ada language, while also taking advantage of the Java libraries and services provided by the Android platform. Applications can also be written solely in Ada, or in a combination of Ada and other “native” languages. Android 2.3 and later versions are supported, on Cortex A8 and above. A recent trend is the use of COTS portable devices in mission-critical contexts, such as military command and control and industrial process management. In these systems the original OS and consumer-oriented a... (more)

Java Application Security in the Corporate World

The vast majority of corporate developers truly believe that application security is not their concern, assuming that network and engineering groups will build their environment in a secure way. But what about application security? Are you ready for the code audit?

Application Security Isn't Getting the Attention It Deserves

When most people in the corporate world talk about "security," they mean the security of the network, operating system, and servers. Organizations that want to protect their systems against hacker attacks invest a lot of time, effort, and money ensuring that these three components are secure. Without this secure foundation, systems cannot operate securely. However, even if the network, server, and operating system are 100% secure, vulnerabilities in the application itself make a system just as prone to dangerous attacks as unprotected networks, op... (more)

Automated Error Prevention for Linux

Most organizations that use Linux as a business operating system are developing their own applications for Linux - perhaps in response to the current scarcity of packaged applications available on Linux. With so much internal development for Linux, it is critical that the IT groups building your Linux-based applications have a means to efficiently produce reliable code. If they don't, you will jeopardize the very reliability and cost-effectiveness that most organizations are trying to achieve by turning to Linux. However, most development teams follow a development process that is far from efficient, and the applications they provide typically experience functionality problems and security weaknesses that require patches, updates, and redeployments. In fact, most IT organizations waste a great deal of their time, effort, and resources fixing what is essentially the... (more)

JDJ Product Review — Parasoft Jtest 8.0

In terms of unit testing and code compliance, Jtest is a real heavyweight in the arena. For those who haven't come across Jtest before, it's an application that will analyze your Java application code for you. At present Jtest has 700 built-in rules and 100 security rules and it will autocorrect 250 of those rules for you. It provides Parasoft SOAtest hooks for testing of SOA/Web services and Web apps. The reporting engine is also built-in so once tests are run, you can view and print results via a Web browser. There are some new features such as improved J2EE testing and the Bug Detective, which I will cover later in this review. The front end is built on the Eclipse framework so it will be familiar to some of you. Test projects are created the same way you would create a project in Eclipse. The wizards are easy to use and I got up and running in a short time. You... (more)

Bulletproof .NET Code

.NET languages are becoming increasingly popular for driving the application logic for business-critical SOA and Web applications. In these contexts, functional errors are simply not acceptable, and reliability, security, and performance problems can have serious repercussions. Yet, few development teams have the resources to ensure that their code is free of implementation errors, let alone also worry about reliability, security, and performance. Whether or not your team has a satisfactory strategy for functional testing, you're taking several significant risks if you haven't yet implemented a comprehensive team-wide quality-management strategy:

New code might cause the application to become unstable, produce unexpected results, or even crash when the application is used in a way that you didn't anticipate (and didn't test for).
New code might open the only door tha... (more)